Table 2: The structure of an authentication vector.

Field | Description
RAND  | Random challenge
CK    | Cipher key
IK    | Integrity key
AUTN  | Authentication token
XRES  | Expected response

(a) Structure of an authentication vector

Field | Description
SQN   | Sequence number
AMF   | Authentication management field
MAC-A | Message authentication code

(b) Structure of the AUTN field of an authentication vector
Integrity key agreement: The property that the mobile station and the serving network agree on an integrity key they may use subsequently.
Data integrity and origin authentication of signaling data: The property that the receiving entity (mobile station or serving network) is able to verify that signaling has not been modified in an unauthorized way since it was sent by the sending entity (serving network or mobile station) and that the origin of the signaling data received is indeed the one claimed.
UMTS AKA is the security mechanism used to accomplish the authentication features and all of the key agreement features described above. It is based on a challenge/response authentication protocol designed for maximum compatibility with GSM's subscriber authentication and key establishment protocol, in order to ease the transition from GSM to UMTS. A challenge/response protocol lets one entity verify the identity of another without the secret shared by the two (in UMTS, the long-term subscriber key K held by the USIM and by the home network's AuC) ever being transmitted: the prover demonstrates knowledge of the secret by returning the correct response to a fresh challenge. In UMTS AKA the proof runs in both directions: the network proves itself to the mobile station through the MAC-A carried in AUTN, and the mobile station proves itself to the network through the response RES, which the serving network compares with the expected response XRES.
The UMTS AKA process described in this subsection is invoked by a serving network after a first registration of a user, after a service request, after a location update request, after an attach request, and after a detach request or connection re-establishment request. In addition, the relevant information about the user must be transferred from the user's home network to the serving network in order to complete the process. The home network's HLR/AuC provides the serving network's VLR/SGSN with Authentication Vectors (AVs), each one holding the information fields described in table 2.
The authentication and key agreement process is summarized in the following algorithm and illustrated in figure 7:
Stage 1: